TrustWorks Privacy and Security Practices (AI Assistant)
Introduction
At TrustWorks (QL Tech Ltd.), we are committed to follow the highest the privacy and security standards. This document outlines our privacy and security practices to ensure transparency and build trust with our customers.
What is the TrustWorks AI Assistant?
The TrustWorks AI-Assistant currently supports following use cases:
- Suggestions for Processing Activities
- Name and Purpose of Processing
- Lawful Basis
- Retention Schedules (only in BETA)
- Suggestions for Risk Mitigation Measures
How does TrustWorks AI Assistant work?
- When you interact with AI Assistant, several steps occur in the background:
- TrustWorks aggregates information about your organisation (data shared with LLM Providers below)
- Data relevant to the prompt is sent to a AI LLM Subprocessor, which produces an output to send back to TrustWorks.
- TrustWorks then processes the LLM’s output so that it adheres to the right format and language and displays the output to the user.
Who are TrustWorks’s Large Language Model Providers?
TrustWorks currently utilizes large language models (LLMs) provided by OpenAI (”OpenAI Global, LLC”). We continuously evaluate LLM providers and their models to provide the highest quality experience to our TrustWorks clients.
Which data we share with LLM providers?
- Mandatory data: Name of the business function (for example: “Customer Support”, “Sales”, “Marketing”)
- Mandatory data: Name of the processing activity (for example: “Recruitment process”)
- Mandatory data: Purpose of processing (long description - which describes how the processing activity is handled in the organisation.
- Optional data: Generic industry of the client’s organisation (for example: SaaS, Financial Services, Insurances, Health etc) - only if this information is set
- Optional data: Names of Data Repositories included in Data Map.
Any of the categories of data described above do not contain any personal information, which is filtered in the prompt before sending to LLM provider.
How is your data protected?
Any of the categories of data described above do not contain any personal information, which is filtered in the prompt before sending to LLM provider.
How is Customer Data protected when sent to AI Subprocessors?
- Before using any outside company or vendor, TrustWorks carefully assesses their privacy, security, and confidentiality practices. TrustWorks also signs a contract that enforces the necessary security, privacy, and legal requirements. We conduct regular checks on all our subprocessors to ensure that they comply with TrustWorks's standards. This involves reviewing various documents like attestation reports, penetration tests, and other relevant evidence, depending on the subcontractor's importance and associated risks.
- When sending data to our AI LLM Subprocessors, the data is encrypted in transit using TLS 1.2 or greater.
Will your data be used to train any models?
No, your data will not be used to train any model.
How is Customer Data segregated?
Individual customer accounts are maintained separately in our production environment. We ensure that data from different customers is never mixed or processed together during AI operations. In this way, we prioritize the security and privacy of your data by preventing its exposure to other trustWorks customers.
What are the data retention obligations of third-party AI providers?
LLM Subprocessors only retain data for 30 days or less before deletion.
What compliance standards does TrustWorks AI Assistant meet?
TrustWorks AI Assistant is part of trustWorks's ISO 27001 certification, which showcases our dedication to complying with different regulatory and industry standards. We are also planning to obtain SOC 2 Type 2 certification in 2024.
Is it possible to prevent data from being sent to TrustWorks Subprocessors?
Yes. AI Assistant can be disabled on demand.
Who owns the rights to content generated by TrustWorks AI Assistant?
TrustWorks does not claim ownership of your input or the generated output.